Date: Mon, 12 Mar 2012 12:13:15 -0700
From: Eric W. Biederman
To: Djalal Harouni
Cc: Andrew Morton, Linus Torvalds, Al Viro, Alexey Dobriyan, Vasiliy Kulikov, Kees Cook, Solar Designer, WANG Cong, James Morris, Oleg Nesterov, Alan Cox, Greg KH, Ingo Molnar, Stephen Wilson, "Jason A. Donenfeld"
Subject: Re: [PATCH 0/9] proc: protect /proc/<pid>/* files across execve

Djalal Harouni writes:

> Procfs files and other important objects may contain sensitive information
> which must not be seen, inherited or processed across execve.

So I am dense.  /proc/<pid>/mem was special in that it uses a different
set of checks than other files, and to do those access checks
/proc/<pid>/mem needed to look at exec_id.

For all of the access checks that are not written in that silly way,
what is wrong with ptrace_may_access run at every read/write of a file?

We redo all of the permission checks every time so that should avoid

I really think you are trying to solve something that is not broken.
Certainly I could not see your argument for why anything but
/proc/<pid>/mem needs attention.

